EUVD-2025-30224
Malicious code in bioql PyPI...
CVE-2025-30755
OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...
CVE-2025-30755
CVE-2025-30755 affects OpenGrok 1.14.1. It describes a reflected Cross-Site Scripting (XSS) in the cross reference page due to improper handling of the revision parameter, reflecting unsanitized user input into HTML. CVSS details indicate Network attack, no privileges, user interaction required, ...
PT-2025-38498
Name of the Vulnerable Software and Affected Versions: OpenGrok version 1.14.1. Description: The application reflects unsanitized user input into the HTML output, leading to a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This occurs due to improper handling of th...
CVE-2025-58143
A race condition exists in Xen’s viridian implementation during mapping of the reference TSC page. A malicious x86 HVM guest with the referencetsc viridian extension enabled could exploit this flaw to cause Xen to free a page while it is still present in the guest physical-to-machine (p2m) mappings...
Citrix XenServer Multiple Vulnerabilities (XSA-472)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities:
- A NULL pointer dereference in the updating of the reference TSC area. (CVE-2025-27466)
- A NULL pointer dereference by assuming the SIM page is mapped when a...
PT-2025-37188
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue concerns a cross-platform hypervisor, Xen, within the Linux operating system kernel. It relates to synchronization errors when a shared resource is used, and a race condition...
Shopify: any staff member with the ability to comment in [discounts] can disable the comment section for other staff, even the admin of the store
Hi, I found this cool behavior by mistake when I was testing some GraphQL: any user who has the ability to comment on discount codes in the discounts section can turn off comments for the other staff members, including the admin/manager of the store. This happens because when the GraphQL used to create a...
earthwerks.net XSS vulnerability
Vulnerable URL: http://www.earthwerks.net/quickreference.php?region=US&lang=1/-///'/"//--...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an...